Hack and / - Password Cracking with GPUs, Part II: Get Cracking

Your hardware is ready. Now, let's load up some software and get cracking.

In Part I of this series, I explained how password cracking works in general terms and
described my specific password-cracking hardware. In this article, I dig
into the software side of things and describe how to put that hardware to
use cracking passwords. I also discuss the two main types of attacks:
dictionary and brute-force attacks. As I describe each attack, I also
give specific examples of how I used the software to attack phpass, the
hashing algorithm currently used for PHP-based software like WordPress.

For the purposes of this article, I created a sample WordPress blog on
my server and created a few custom accounts—some with weak passwords
and others with truly random passwords. Then, I went into the database
for the site and pulled out the phpass password hashes for each account
and put them into a file that looked like this:

The above hashes are legitimate phpass hashes created from six-character
passwords. I could tell you the passwords, but that would defeat the
fun of cracking them yourself.
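To show what a phpass hash line contains and how much work one password check costs, here is a sketch of the portable phpass format ($P$, one cost character, an 8-character salt, 22 characters of encoded MD5 output). It is an added example, not code from the original article or from WordPress. The function names, the salt "exampleS" and the sample password are constructed for illustration, and UTF-8 password encoding is an assumption.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's base64 variant: little-endian 24-bit groups, 6 bits per char."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        # 1 byte -> 2 chars, 2 bytes -> 3 chars, 3 bytes -> 4 chars
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def parse_phpass(stored: str) -> dict:
    """Split a portable phpass hash into its fields, rejecting malformed input."""
    if len(stored) != 34 or stored[:3] not in ("$P$", "$H$"):
        raise ValueError("not a portable phpass hash")
    if any(c not in ITOA64 for c in stored[3:]):
        raise ValueError("character outside the phpass alphabet")
    log2 = ITOA64.index(stored[3])
    if not 7 <= log2 <= 30:
        raise ValueError("iteration exponent out of range")
    return {"log2": log2, "rounds": 1 << log2,
            "salt": stored[4:12], "digest": stored[12:]}

def phpass_hash(password: str, setting: str) -> str:
    """Recompute the hash using the prefix, cost and salt found in `setting`."""
    pw = password.encode("utf-8")  # assumption: passwords are UTF-8 bytes
    digest = hashlib.md5(setting[4:12].encode("ascii") + pw).digest()
    for _ in range(1 << ITOA64.index(setting[3])):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def verify(password: str, stored: str) -> bool:
    """Validate the stored hash, then compare in constant time."""
    parse_phpass(stored)
    return hmac.compare_digest(phpass_hash(password, stored), stored)

# Constructed sample: cost character 'B' means 2**13 = 8192 MD5 rounds.
SAMPLE = phpass_hash("correct horse", "$P$BexampleS")

if __name__ == "__main__":
    print(SAMPLE, parse_phpass(SAMPLE)["rounds"])
```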

Proprietary Video Drivers

For those of you who, like me, believe in open-source software, this next
section may be a bit disappointing. To get hardware-accelerated password-cracking software working on your system, you need to install the
proprietary video drivers from either AMD or NVIDIA. That said, if you
already have been using your system for Bitcoin mining, you already have
the drivers and libraries you need, so you can skip to the next section
about Hashcat. Honestly, you also could just follow the Bitcoin mining
HOWTOs for Linux, and that would describe how to get all the drivers and
libraries you need.

Many modern desktops make it relatively easy to pull down and install the
proprietary video drivers. For instance, an Ubuntu desktop will prompt
you that restricted drivers are available to install both for AMD and
NVIDIA cards. Most other popular distributions provide good documentation
on how to pull down the proprietary drivers as well. In the worst case,
you may have to download the software directly from AMD or NVIDIA and
install it that way—they both have clear instructions and software
available for Linux just like for other OSes.

Once you have the proprietary drivers installed, you also need
the AMD APP SDK for its OpenCL libraries or the NVIDIA CUDA
libraries, depending on who made your video card. You likely will need to
get these libraries directly from the AMD or NVIDIA Web sites. The
install is straightforward though. In my case, I downloaded the
AMD-APP-SDK-v2.5-lnx32.tgz file from AMD, extracted it, and ran the
provided Install-AMD-APP.sh shell script as root.

Hashcat

Many different password-cracking suites exist both for CPU-
and GPU-based cracking. After reviewing all the options, I decided on the
Hashcat family of cracking tools available at http://hashcat.net. On the
site, you will see that a number of different tools are available. At
first glance, it can be a bit confusing, as you can choose from hashcat,
oclHashcat, oclHashcat-plus, oclHashcat-lite and even software called
maskprocessor. Each program has its purpose though, depending on what
you intend to do.

hashcat:

CPU-based, so slower than the GPU-based software.

Supports the widest range of hashing algorithms.

oclHashcat:

GPU-based password cracker.

Supports a moderate number of hashing algorithms.

Built-in support for dictionary, brute-force and mask attacks.

oclHashcat-plus:

GPU-based.

Supports the most hashing algorithms of the GPU-based hashcat crackers.

Optimized for dictionary attacks against multiple hashes.

Can support dictionary input from a pipe, so brute-force is possible.

oclHashcat-lite:

GPU-based.

Optimized for attacks against a single password hash.

Fastest of the hashcat family, but with the most-limited password hash support.

maskprocessor:

Generates dictionaries based on patterns you supply.

Not a password cracker in its own right, but can pipe output to
oclHashcat-plus for a brute-force attack.

Even with the above lists, it may not always be clear which software to
use. Basically, it comes down to what type of password you want to crack
and what kind of attack you want to use. The page on hashcat.net devoted
to each piece of software provides a list of the hashing algorithms it
supports along with benchmark speeds of how many comparisons it can do
per second on different types of hardware. For a given password hash,
go through those pages and see which type of Hashcat software supports
your hash and has the highest benchmarks. Beyond that, use oclHashcat for
mask or brute-force attacks against multiple hashes, oclHashcat-lite for
single hashes or oclHashcat-plus if, as was the case with me, it's the
only GPU-accelerated version that supports your hash.

Once you decide which type of Hashcat software to use, installation is
relatively simple, if old-school. Just download the .7z package that
corresponds to the software, and use the 7za command-line tool (which
should be packaged for your distribution) to extract it. The software
will extract into its own directory that provides 32- and 64-bit versions
for both Linux and Windows. If you have NVIDIA hardware, you will use
the binaries that begin with cuda; otherwise, you will use the versions
that start with ocl. The directory also will contain a number of example
hashes and dictionaries and example shell scripts you can use to make
sure your libraries and drivers are in place. For instance, here's the
example provided with the oclHashcat-plus software for cracking a phpass
hash on a 64-bit system:

cat example.dict | ./oclHashcat-plus64.bin -m 400 example400.hash

Here's what the command output looked like when I ran the example against
the 32-bit version on my test rig:

In this case, the password was hash234. For all of the hashcat commands,
it's simple enough just to open a terminal and change to the directory
you extracted and run the commands locally from there. At the beginning
of the command output, you will be able to see what GPUs the software can
detect. If you have multiple GPUs in use (even if they aren't chained), it
should find them automatically. If it can't find your GPU, you will need
to revisit how you installed your proprietary drivers and extra libraries.

Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.